Reputation: 25214
I am currently implementing a custom membership provider in ASP.NET MVC3 and have been looking at examples of different sample implementations. I have noticed that FormsAuthentication.SetAuthCookie() never seems to be called from the ValidateUser method in the provider. It always seems to be called in the function which calls ValidateUser if ValidateUser returns true. This is usually some form of authentication helper.
What I don't understand is that SetAuthCookie() seems to be called once ValidateUser returns true. So my question is why not just integrate it directly?
Upvotes: 3
Views: 407
Reputation: 16042
This is done because of separation of concerns, I guess.
The membership provider's responsibility is just to validate whether a given username/password pair is valid or not.
The FormsAuthentication.SetAuthCookie() method's task is to transform that information (the user has authenticated itself successfully) into a serializable format (cookie or URL parameter) so that it survives the next HTTP request.
You could replace both implementations independently of each other; storing the authentication information in a cookie is just the most common way on the ASP.NET platform.
Upvotes: 2
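An added illustration of the split described in the answer, not code from either post: the controller calls the configured provider through Membership.ValidateUser and only then decides whether to issue a forms-authentication ticket. LogOnModel, AccountController, the ConfirmPassword action and the Home/Index route are hypothetical names, and the code assumes an ASP.NET MVC3 project.

```csharp
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical view model for the login form.
public class LogOnModel
{
    public string UserName { get; set; }
    public string Password { get; set; }
    public bool RememberMe { get; set; }
}

// Hypothetical controller; the views are assumed to emit an anti-forgery token.
public class AccountController : Controller
{
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult LogOn(LogOnModel model, string returnUrl)
    {
        // Step 1: credential check only. Membership.ValidateUser dispatches to the
        // configured (custom) provider, which knows nothing about HTTP or cookies.
        if (!ModelState.IsValid || !Membership.ValidateUser(model.UserName, model.Password))
        {
            ModelState.AddModelError("", "The user name or password is incorrect.");
            return View(model);
        }

        // Step 2: session issuance, decided by the web layer.
        FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);

        // Follow only local return URLs so the login page is not an open redirect.
        if (Url.IsLocalUrl(returnUrl))
            return Redirect(returnUrl);
        return RedirectToAction("Index", "Home");
    }

    [HttpPost]
    [Authorize]
    [ValidateAntiForgeryToken]
    public ActionResult ConfirmPassword(string password)
    {
        // The same provider call reused as a re-authentication gate before a
        // sensitive action. If ValidateUser called SetAuthCookie itself, this
        // check would also issue a fresh ticket as a side effect.
        bool ok = Membership.ValidateUser(User.Identity.Name, password);
        return Json(new { confirmed = ok });
    }
}
```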